OHSU

Resources

HIPAA: Designated Record Set

 HIPAA allows patients to request access to (and if they’d like, to obtain a copy of) what is called the Designated Record Set (DRS). This is all of the information held by OHSU that we use to make decisions about patients. The lists below are posted to help people understand what is included in the DRS.

Designated Record Set:
A patient's Health Record, which includes;

List of Exclusions

HIPAA Outside Resources

U.S. Department of Health and Human Services
Full text of the HIPAA regulations, as well as the Final Rules.

Beacon Partners, Inc.
HIPAA news and information, legislative developments, HIPAA-related events, legal perspectives on HIPAA.

Workgroup for Electronic Data Interchange (WEDI)
Information about electronic information standards, HIPAA glossary.

American Hospital Association
Legislative developments, HIPAA education resources.

National Committee on Vital and Health Statistics (NCVHS)
Public advisory body to the Secretary of Health and Human Services in the area of health and data statistics. Transcripts of all hearings and some written testimony.  

Protected Health Information (PHI) Repository

All non-Epic systems for storing protected health information (PHI) need to be entered into this registry; you'll also want to use the repository to note if you've deleted or modified an already-entered system. Your department's data steward is responsible for entering your system.

Privacy Glossary


PHI is de-identified when 18 types of info that can be used to identify someone are removed, i.e. name, DOB, address, SSN, phone number, date of service. See full list of Patient Identifiers. 

transaction standards, code sets, & identifiers (TCI)

Part of the Administrative Simplification required by HIPAA involves standardizing the ways in which medical information is recorded, coded, transmitted, and billed. Such standardization will reduce costs, streamline information flow, and reduce the possibility of fraudulent billing.  

accounting of disclosures

OHSU is required to keep a history of when and to whom protected health information (PHI) is disclosed if the disclosure occurs outside the scope of treatment, payment and health care operations, and is not made as a result of a signed authorization from the patient. Examples of disclosures that may be included in the accounting requirement are public health activities (reporting immunizations, birth and death certificates, cancer/tumor registries, pregnancy terminations), reports about victims of abuse, neglect, or domestic violence, information used for organ or tissue donation and transplantation, disclosures about decedents to coroners, medical examiners, or funeral directors, and other disclosures required by law. For each disclosure the following shall be recorded: the date of the disclosure; the name and, if known, the address of the recipient of the health information; the type of health information disclosed; and the purpose of the disclosure.

An individual has a right to receive an accounting of disclosures of PHI made by OHSU beginning April 14, 2003. Patients are entitled to one free accounting within a 12-month period.

OHSU disclosures that are subject to the accounting requirement shall be recorded in the Accounting of Disclosures System (ADS).

Resources